← Back to context

Comment by lucb1e

3 years ago

> > It's insecure by default

> If you're calling MTProto 2.0 'insecure' then you should know [...]

If you're calling "secret chats" the default, then you should ask around or try to use telegram on desktop or just open telegram and see how much stuff is actually encrypted.

5 comments

lucb1e

Reply
jbverschoor  3 years ago

Secret chats are not the default. So Telegram can simply read them.

In whatsapp, messages have always been on-device / in-memory, where they belong, doing a p2p sync/transfer

> 1. Is There a Secret Chat On Telegram Desktop?

> No. Due to Telegram secret chat's end-to-end encryption and the requirement for permanent storage on the device (and not using the Cloud to store data), Telegram does not have the secret chat feature on Desktop or Web Telegram. They may add this feature on their desktop version in the future, but for now, it is not safe enough to have it.

NayamAmarshe  3 years ago

> If you're calling "secret chats" the default

MTProto is the name of the:

1. Cloud Encryption

2. E2E encryption

algorithm at Telegram. MTProto 2.0 is not just secret chats, a different implementation is used for cloud: https://core.telegram.org/mtproto/AJiEAwIYFoAsBGJBjZwYoQIwFM...

Both cloud and e2ee consist of what's called the MTProto 2.0 algorithm.

  • lucb1e  3 years ago

    Yeah that cloud encryption is bullshit. If you're not transferring keys in a way that only your devices can access the data, then they can also read the data. It's indeed not broken if it didn't perform this function in the first place

    • NayamAmarshe  3 years ago

      I'm so tired of people wanting to turn Telegram into Signal, it's never going to happen. E2EE comes at a cost. The cost is decreased scalability and inferior UX as clearly evident.

      Matrix can't even load 100 old messages properly with E2EE enabled in a room. Signal can't even handle scale when it comes to chat groups and communities. There's no anonymity in both either as Signal doesn't even allow you to hide your phone number and Matrix leaks your metadata to all involved participants like crazy.

      Telegram doesn't use E2EE but the privacy and security are in no way compromised.

      The whole fuss about "They can read your messages" holds a very negative assumption in the first place about them reading it and then also assumes everybody's threat model involves inferior UX of managing chat backups like WhatsApp just to keep messages away from cloud.

      Just take a look at your threat model and decide what you want, not everybody wants an E2E encrypted chat app because we know the compromises that we have to make with E2EE and I'd rather have my chats on cloud encryption than my local device, considering how many features Telegram allows me to have with cloud sync.

      1 reply →